Page MenuHomePhabricator

function phutil_tag($tag, $attributes, $content)
libphutil Technical Documentation (Remarkup)

Render an HTML tag in a way that treats user content as unsafe by default.

Tag rendering has some special logic which implements security features:

  • When rendering <a> tags, if the rel attribute is not specified, it is interpreted as rel="noreferrer".
  • When rendering <a> tags, the href attribute may not begin with javascript:.

These special cases can not be disabled.

IMPORTANT: The $tag attribute and the keys of the $attributes array are trusted blindly, and not escaped. You should not pass user data in these parameters.
Parameters
string$tagThe name of the tag, like `a` or `div`.
map<string,$attributesstring> A map of tag attributes.
wild$contentContent to put in the tag.
Return
PhutilSafeHTMLTag object.